[Samba] bind fails to start w/missing records
Rowland Penny
rowlandpenny at googlemail.com
Sun May 10 07:02:33 MDT 2015
On 10/05/15 12:49, Steve Thompson wrote:
> On Sun, 10 May 2015, Rowland Penny wrote:
>
>> can you post your named conf files.
>
> Sure. This is samba's:
>
> dlz "AD DNS Zone" {
> database "dlopen /mnt/domain/samba/europa/lib/bind9/dlz_bind9_9.so";
> };
>
> and this is BIND's (notice the last line commented out):
>
> options {
> directory "/var/named";
> dump-file "/var/named/data/cache_dump.db";
> statistics-file "/var/named/data/named_stats.txt";
> forwarders {132.236.56.250; 128.253.180.2;};
> tkey-gssapi-keytab "/mnt/domain/samba/europa/private/dns.keytab";
> allow-recursion { 10.22.200.0/23; 10.84.104.0/26; 192.168.4.0/22;
> 192.168.12.0/22; 192.168.16.0/22; };
> };
>
> controls {
> inet 127.0.0.1 allow { localhost; };
> };
>
> zone "." IN {
> type hint;
> file "named.ca";
> };
>
> zone "icse.cornell.edu" IN {
> type master;
> notify no;
> file "named.icse.cornell.edu";
> };
>
> zone "104.84.10.in-addr.arpa" IN {
> type master;
> notify no;
> file "named.10.84.104";
> };
>
> zone "200.22.10.in-addr.arpa" IN {
> type master;
> notify no;
> file "named.10.22.200";
> };
>
> zone "201.22.10.in-addr.arpa" IN {
> type master;
> notify no;
> file "named.10.22.201";
> };
>
> zone "4.168.192.in-addr.arpa" IN {
> type master;
> notify no;
> file "named.192.168.4";
> };
>
> zone "5.168.192.in-addr.arpa" IN {
> type master;
> notify no;
> file "named.192.168.5";
> };
>
> zone "6.168.192.in-addr.arpa" IN {
> type master;
> notify no;
> file "named.192.168.6";
> };
>
> zone "7.168.192.in-addr.arpa" IN {
> type master;
> notify no;
> file "named.192.168.7";
> };
>
> zone "8.168.192.in-addr.arpa" IN {
> type master;
> notify no;
> file "named.192.168.8";
> };
>
> zone "9.168.192.in-addr.arpa" IN {
> type master;
> notify no;
> file "named.192.168.9";
> };
>
> zone "10.168.192.in-addr.arpa" IN {
> type master;
> notify no;
> file "named.192.168.10";
> };
>
> zone "11.168.192.in-addr.arpa" IN {
> type master;
> notify no;
> file "named.192.168.11";
> };
>
> zone "12.168.192.in-addr.arpa" IN {
> type master;
> notify no;
> file "named.192.168.12";
> };
>
> zone "13.168.192.in-addr.arpa" IN {
> type master;
> notify no;
> file "named.192.168.13";
> };
>
> zone "14.168.192.in-addr.arpa" IN {
> type master;
> notify no;
> file "named.192.168.14";
> };
>
> zone "15.168.192.in-addr.arpa" IN {
> type master;
> notify no;
> file "named.192.168.15";
> };
>
> zone "16.168.192.in-addr.arpa" IN {
> type master;
> notify no;
> file "named.192.168.16";
> };
>
> zone "17.168.192.in-addr.arpa" IN {
> type master;
> notify no;
> file "named.192.168.17";
> };
>
> zone "18.168.192.in-addr.arpa" IN {
> type master;
> notify no;
> file "named.192.168.18";
> };
>
> zone "19.168.192.in-addr.arpa" IN {
> type master;
> notify no;
> file "named.192.168.19";
> };
>
> include "/etc/rndc.key";
> #include "/mnt/domain/samba/europa/private/named.conf";
>
> -Steve
Have you really got 19 reverse zones for your Samba 4 Active Directory? Every one of those is a plain-file `type master` zone in BIND, and with the samba named.conf include commented out BIND is not loading the DLZ module at all, so none of the AD-integrated zones are being served by it.
I use Debian and these are my named conf files:
options {
directory "/var/cache/bind";
forwarders { 8.8.8.8; 8.8.4.4; };
dnssec-validation no;
auth-nxdomain no; # conform to RFC1035
listen-on-v6 { any; };
tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";
};
zone "." {
type hint;
file "/etc/bind/db.root";
};
zone "localhost" {
type master;
file "/etc/bind/db.local";
};
zone "127.in-addr.arpa" {
type master;
file "/etc/bind/db.127";
};
zone "0.in-addr.arpa" {
type master;
file "/etc/bind/db.0";
};
zone "255.in-addr.arpa" {
type master;
file "/etc/bind/db.255";
};
include "/var/lib/samba/private/named.conf";
/var/lib/samba/private/named.conf:
dlz "AD DNS Zone" {
database "dlopen /usr/lib/x86_64-linux-gnu/samba/bind9/dlz_bind9_9.so";
};
Never had a problem, not that this helps you :-)
Can you try running `samba-tool ldapcmp ldap://<YOUR_FIRST_DC> ldap://<YOUR_SECOND_DC>` (it prompts for domain admin credentials) to compare the directory contents of your two DCs?
Then check whether you actually have DNS records stored in AD:
My laptop is called ThinkPad and this command will show its DNS record in AD. Run it on the DC as root (sam.ldb is readable only by root); ldbsearch is a read-only query, so it is safe to run against a live DC.
ldbsearch --cross-ncs -H /var/lib/samba/private/sam.ldb
'(&(objectClass=dnsNode)(name=ThinkPad))'
# record 1
dn:
DC=ThinkPad,DC=example.com,CN=MicrosoftDNS,DC=DomainDnsZones,DC=example,DC=com
objectClass: top
objectClass: dnsNode
instanceType: 4
whenCreated: 20140812120544.0Z
uSNCreated: 3780
showInAdvancedViewOnly: TRUE
name: ThinkPad
objectGUID: 66cce7bf-5d9c-445d-bb44-73caac0d7966
objectCategory: CN=Dns-Node,CN=Schema,CN=Configuration,DC=example,DC=com
dc: ThinkPad
whenChanged: 20150510115457.0Z
dnsRecord:: BAABAAXwAACqAAAAAAAOEAAAAAATbDcAwKgAdw==
dNSTombstoned: FALSE
uSNChanged: 39718
distinguishedName: DC=ThinkPad,DC=example.com,CN=MicrosoftDNS,DC=DomainDnsZones,DC=example,DC=com
Its IP is 192.168.0.119, so to find its PTR record in the reverse zone:
ldbsearch --cross-ncs -H /var/lib/samba/private/sam.ldb
'(&(objectClass=dnsNode)(name=119))'
# record 1
dn:
DC=119,DC=0.168.192.in-addr.arpa,CN=MicrosoftDNS,DC=DomainDnsZones,DC=example,DC=com
objectClass: top
objectClass: dnsNode
instanceType: 4
whenCreated: 20150401131744.0Z
uSNCreated: 32019
showInAdvancedViewOnly: TRUE
name: 119
objectGUID: 217523f1-34a8-44a3-8448-530aebc0cfe7
objectCategory: CN=Dns-Node,CN=Schema,CN=Configuration,DC=example,DC=com
dc: 119
whenChanged: 20150510115457.0Z
dnsRecord:: FQAMAAXwAACqAAAAAAAOEAAAAAATbDcAEwMIVGhpbmtQYWQEaG9tZQNsYW4A
dNSTombstoned: FALSE
uSNChanged: 39720
distinguishedName: DC=119,DC=0.168.192.in-addr.arpa,CN=MicrosoftDNS,DC=DomainDnsZones,DC=example,DC=com
To list the AD-integrated zones (this prompts for the Administrator password):
samba-tool dns zonelist 127.0.0.1
Password for [Administrator@EXAMPLE.COM]:
3 zone(s) found
pszZoneName : 0.168.192.in-addr.arpa
Flags : DNS_RPC_ZONE_DSINTEGRATED
DNS_RPC_ZONE_UPDATE_SECURE
ZoneType : DNS_ZONE_TYPE_PRIMARY
Version : 50
dwDpFlags : DNS_DP_AUTOCREATED
DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED
pszDpFqdn : DomainDnsZones.example.com
pszZoneName : example.com
Flags : DNS_RPC_ZONE_DSINTEGRATED
DNS_RPC_ZONE_UPDATE_SECURE
ZoneType : DNS_ZONE_TYPE_PRIMARY
Version : 50
dwDpFlags : DNS_DP_AUTOCREATED
DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED
pszDpFqdn : DomainDnsZones.example.com
pszZoneName : _msdcs.example.com
Flags : DNS_RPC_ZONE_DSINTEGRATED
DNS_RPC_ZONE_UPDATE_SECURE
ZoneType : DNS_ZONE_TYPE_PRIMARY
Version : 50
dwDpFlags : DNS_DP_AUTOCREATED
DNS_DP_FOREST_DEFAULT DNS_DP_ENLISTED
pszDpFqdn : ForestDnsZones.example.com
To see the DNS server info (again prompting for the Administrator password):
samba-tool dns serverinfo 127.0.0.1
Password for [Administrator@EXAMPLE.COM]:
dwVersion : 0xece0205
fBootMethod : DNS_BOOT_METHOD_DIRECTORY
fAdminConfigured : FALSE
fAllowUpdate : TRUE
fDsAvailable : TRUE
pszServerName : DC01.example.com
pszDsContainer :
CN=MicrosoftDNS,DC=DomainDnsZones,DC=example,DC=com
aipServerAddrs : ['192.168.0.2']
aipListenAddrs : ['192.168.0.2']
aipForwarders : []
dwLogLevel : 0
dwDebugLevel : 0
dwForwardTimeout : 3
dwRpcPrototol : 0x5
dwNameCheckFlag : DNS_ALLOW_MULTIBYTE_NAMES
cAddressAnswerLimit : 0
dwRecursionRetry : 3
dwRecursionTimeout : 8
dwMaxCacheTtl : 86400
dwDsPollingInterval : 180
dwScavengingInterval : 0
dwDefaultRefreshInterval : 168
dwDefaultNoRefreshInterval : 168
fAutoReverseZones : FALSE
fAutoCacheUpdate : FALSE
fRecurseAfterForwarding : FALSE
fForwardDelegations : TRUE
fNoRecursion : FALSE
fSecureResponses : FALSE
fRoundRobin : TRUE
fLocalNetPriority : FALSE
fBindSecondaries : FALSE
fWriteAuthorityNs : FALSE
fStrictFileParsing : FALSE
fLooseWildcarding : FALSE
fDefaultAgingState : FALSE
dwRpcStructureVersion : 0x2
aipLogFilter : []
pwszLogFilePath : None
pszDomainName : example.com
pszForestName : example.com
pszDomainDirectoryPartition : DC=DomainDnsZones,DC=example,DC=com
pszForestDirectoryPartition : DC=ForestDnsZones,DC=example,DC=com
dwLocalNetPriorityNetMask : 0xff
dwLastScavengeTime : 0
dwEventLogLevel : 4
dwLogFileMaxSize : 0
dwDsForestVersion : 2
dwDsDomainVersion : 2
dwDsDsaVersion : 4
fReadOnlyDC : FALSE
HTH
Rowland